Privacy

Last updated: 17 May 2026

Tacked is built privacy-first. The short version: your tasks live in Notion, Trello, Apple Reminders, or Obsidian — Tacked doesn't store them. You don't need an account. The only thing the app sends home is one anonymous ping per day so I can see Tacked is being used. You can turn that off. This page explains the details.

What the Tacked app sends

One small POST per day, to stats.tacked.app, on the first task you mark done that day. The payload is exactly:

That's everything. No anchor titles, no notes, no source data, no OS or locale. The ping POST itself doesn't include an IP — Cloudflare retains request metadata at the edge (IP, User-Agent, country) for a short abuse-prevention window, which I don't access or correlate to install_ids. The point is to know whether Tacked is being used at all and roughly by how many people, so I can tell early whether the project is worth continuing.

It's opt-out, default on. You can flip it off during onboarding (twin toggle next to "Launch Tacked at login") or anytime in Settings → General → Privacy. When off, no ping is sent — the install_id file stays on your Mac so flipping it back on later doesn't show up as a new install. If you migrate to a new Mac via Migration Assistant or restore from Time Machine, the install_id moves with you (so a migration isn't counted as a new install); delete ~/Library/Application Support/Tacked/install_id if you'd rather reset.

There is no other telemetry, no analytics, no crash reporting, no account.

What the Tacked app stores — and where

This website

tacked.app is a static site hosted on Cloudflare Pages. It sets no cookies and runs no third-party scripts.

I use Plausible for basic, privacy-focused site analytics — to see how many people visit and how many click Download. Plausible is EU-hosted, cookieless, and never receives any personal information. The script is proxied through tacked.app, so your browser doesn't load anything from a third-party domain. What Plausible records is the page you visit, the day, your country (derived from a daily-rotating IP hash that's never stored), and — if you click a download button — that event. Nothing connects one visit to another, and nothing connects a visit to you.

Cloudflare logs requests at the edge for abuse-prevention; I don't access or correlate those logs to identify visitors.

Connecting external sources

When you connect Notion or Trello, the OAuth handshake passes through a small Cloudflare Worker at oauth.tacked.app. The worker exchanges short-lived authorization codes for access tokens and forwards them to your app. Tokens, scopes, and workspace identifiers are never logged. The worker source is part of the Tacked monorepo so you can read what it does.

If Tacked ever becomes paid

A future paid version will use a license-key model (no email/password account). The only data on a server would be the license key itself, a hash of the email used at purchase, the plan, and the expiry date — exactly enough to validate that a key is active. No usage data, no content from your anchors.

Your rights (GDPR / revDSG)

The only data on my side is the anonymous heartbeat described above — random IDs paired with a date and version. Because that identifier isn't tied to your name, email, account, or IP, I have no way to look up "your" rows to export, correct, or delete them. Turning the toggle off stops new pings; the existing ones stay anonymous in the counts. If you'd prefer the rows associated with your install removed anyway, email the install_id from Settings → General → Privacy to [email protected] and I'll delete those rows.

Changes to this policy

If material changes happen, the date at the top of this page changes too, and existing users hear about it before any change takes effect.